mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-23 07:22:33 +00:00
a0814f04ed
Changes between 1.1.1r and 1.1.1s [1 Nov 2022] *) Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. [Gibeom Gwon] Changes between 1.1.1q and 1.1.1r [11 Oct 2022] *) Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. [Adam Joseph] *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. [Paul Dale] *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases [Matt Caswell] *) Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes [Todd Short] *) Added the loongarch64 target [Shi Pujin] *) Fixed a DRBG seed propagation thread safety issue [Bernd Edlinger] *) Fixed a memory leak in tls13_generate_secret [Bernd Edlinger] *) Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. [Bernd Edlinger] *) Added a missing header for memcmp that caused compilation failure on some platforms [Gregor Jasny] Build system: x86_64 Build-tested: bcm2711/RPi4B Run-tested: bcm2711/RPi4B Signed-off-by: John Audia <therealgraysky@proton.me>
42 lines
1.6 KiB
Diff
42 lines
1.6 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
Date: Mon, 11 Mar 2019 09:29:13 -0300
|
|
Subject: e_devcrypto: default to not use digests in engine
|
|
|
|
Digests are almost always slower when using /dev/crypto because of the
|
|
cost of the context switches. Only for large blocks it is worth it.
|
|
|
|
Also, when forking, the open context structures are duplicated, but the
|
|
internal kernel sessions are still shared between forks, which means an
|
|
update/close operation in one fork affects all processes using that
|
|
session.
|
|
|
|
This affects digests, especially for HMAC, where the session with the
|
|
key hash is used as a source for subsequent operations. At least one
|
|
popular application does this across a fork. Disabling digests by
|
|
default will mitigate the problem, while still allowing the user to
|
|
turn them on if it is safe and fast enough.
|
|
|
|
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
|
|
--- a/engines/e_devcrypto.c
|
|
+++ b/engines/e_devcrypto.c
|
|
@@ -852,7 +852,7 @@ static void prepare_digest_methods(void)
|
|
for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data);
|
|
i++) {
|
|
|
|
- selected_digests[i] = 1;
|
|
+ selected_digests[i] = 0;
|
|
|
|
/*
|
|
* Check that the digest is usable
|
|
@@ -1072,7 +1072,7 @@ static const ENGINE_CMD_DEFN devcrypto_c
|
|
#ifdef IMPLEMENT_DIGEST
|
|
{DEVCRYPTO_CMD_DIGESTS,
|
|
"DIGESTS",
|
|
- "either ALL, NONE, or a comma-separated list of digests to enable [default=ALL]",
|
|
+ "either ALL, NONE, or a comma-separated list of digests to enable [default=NONE]",
|
|
ENGINE_CMD_FLAG_STRING},
|
|
#endif
|
|
|